<?php
define('IN_ECS', true);
require(dirname(__FILE__) . '/includes/init.php');
include_once(ROOT_PATH . 'includes/lib_form.php');
require_once(ROOT_PATH . 'includes/cls_image.php');
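/*
 * Public form endpoint. Dispatches on $action:
 *   savecontent - verify the captcha (when $secCode is on), validate required fields,
 *                 store any uploaded file, and insert the submission into form_data
 *   checkcode   - AJAX check of the captcha input, answers with a tick/cross image
 *   checkinput  - AJAX check of a single field against its "ismust" rule
 *   (default)   - render the HTML form for $fid
 *
 * $action, $fid, $secCode, $content, $db and $ecs are not assigned in this file;
 * presumably includes/init.php sets them up (some of them from the request) - TODO confirm.
 */

/* File extensions accepted for uploads ("|"-delimited list passed to check_file_type()). */
// NOTE(review): the list includes SWF, an active-content format. Where upload_form_file()
// stores files and how they are served is not visible here - confirm they cannot be
// rendered or executed from the site's own origin.
$allow_file_types = '|GIF|JPG|PNG|BMP|SWF|DOC|XLS|PPT|MID|WAV|ZIP|RAR|PDF|CHM|RM|TXT|FLV|';
$siteUrl="/admin/form";

// $fid is concatenated into every SQL statement below and echoed into a hidden input,
// so it is forced to an integer before any use.
// NOTE(review): assumes fid is an integer key - confirm against the form/form_type schema.
$fid = isset($fid) ? intval($fid) : 0;

if($action == 'savecontent') {
	if($secCode) {
		// Accept only a string; an array-valued "seccode" would otherwise reach strtoupper().
		$inputCode = (isset($_POST['seccode']) && is_string($_POST['seccode'])) ? $_POST['seccode'] : '';
		session_start();
		$num = md5(strtoupper($inputCode));
		$sess = isset($_SESSION['code']) ? (string)$_SESSION['code'] : '';
		// Strict comparison: with "!=" two different digests that both look like numeric
		// strings (e.g. "0e" followed by digits) compare as equal.
		if($sess === '' || $num !== $sess) {
			msg("验证码错误");
			exit;
		}
		// NOTE(review): the stored code is not cleared after a successful check, so one
		// solved captcha can be reused for further submissions - consider unsetting it here.
	}

	$titleList = $db->getAll("SELECT type,title,ismust FROM ".$ecs->table('form_type')." WHERE fid='$fid' ORDER BY orderid ASC");

	$content = MooHtmlspecialchars($content);

	// Start from an empty list so that a pre-existing $title value cannot leak into the
	// stored record, and so that the variable is defined when the form has no fields.
	$title = array();

	foreach($titleList AS $k=>$t) {
		if($t['ismust']) {
			checkMust(isset($content[$k]) ? $content[$k] : null, $t['ismust']);
		}
		$title[] = $t['title'];
		// For a "file" field, upload the file first and store the result as the field value.
		if($t['type']=='file'){
			// NOTE(review): always reads upload slot [0], whatever the field position $k is -
			// confirm forms never carry more than one file field.
			if ((isset($_FILES['content']['error'][0]) && $_FILES['content']['error'][0] == 0) || (!isset($_FILES['content']['error'][0]) && isset($_FILES['content']['tmp_name'][0]) && $_FILES['content']['tmp_name'][0] != 'none')){
				// Check the file format against the allow-list.
				if (!check_file_type($_FILES['content']['tmp_name'][0], $_FILES['content']['name'][0], $allow_file_types))
				{
					msg("非法的文件格式");
					// Stop here: the captcha branch above calls exit after msg(), which
					// suggests msg() itself does not terminate. Without this the rejected
					// file would still be handed to upload_form_file() below.
					exit;
				}
				// Copy the file into place.
				$res = upload_form_file($_FILES['content']);
				if ($res != false)
				{
					$content[$k] = $res;
				}
			}
		}
	}
	$array = array('content' => $content,'title' => $title);
	// NOTE(review): addslashes() is the only SQL escaping applied to the serialized blob;
	// it is not safe with every connection charset - prefer the driver's own escaping or
	// bound parameters if $db offers them.
	$intoArr = addslashes(serialize($array));
	$time = time();
	$db->query("INSERT INTO ".$ecs->table('form_data')." (fid,content,addtime) VALUES ('$fid', '$intoArr', '$time')");
	msg('信息已成功提交');

} elseif ($action == 'checkcode') {
	// NOTE(review): this endpoint answers right/wrong for any guess and is not rate
	// limited here, so it can be used to test captcha guesses before submitting.
	$inputCode = (isset($_POST['seccode']) && is_string($_POST['seccode'])) ? $_POST['seccode'] : '';
	session_start();
	$num = md5(strtoupper($inputCode));
	$sess = isset($_SESSION['code']) ? (string)$_SESSION['code'] : '';
	if($sess !== '' && $num === $sess) {
		echo '<img src="'.$siteUrl.'/images/check_right.gif">';
	} else {
		echo '<img src="'.$siteUrl.'/images/check_error.gif">';
	}
} elseif ($action == 'checkinput') {
	$val = isset($_POST['val']) ? $_POST['val'] : '';
	// fid arrives straight from the request here; force it to an integer before it is
	// placed in the query string.
	$fid = isset($_POST['fid']) ? intval($_POST['fid']) : 0;
	$ikey = (isset($_POST['ikey']) && is_scalar($_POST['ikey'])) ? $_POST['ikey'] : '';
	$t = $db->getAll("SELECT title,ismust FROM ".$ecs->table('form_type')." WHERE fid='$fid' ORDER BY orderid ASC");
	// An unknown field index is treated as "no rule" instead of raising a notice.
	$ismust = isset($t[$ikey]['ismust']) ? $t[$ikey]['ismust'] : false;
	if($ismust) {
		if(checkInput($val, $ismust)) {
			echo '<img src="'.$siteUrl.'/images/check_right.gif">';
		} else {
			echo '<img src="'.$siteUrl.'/images/check_error.gif">';
		}
	}
} else {
	// Default action: render the form, but only when it exists and is flagged for display.
	$f = $db->getRow("SELECT * FROM ".$ecs->table('form')." WHERE fid='$fid' AND display='1'",true);
	if(!$f){
		exit;
	}
	// NOTE(review): fname and fmsg are written into the page without HTML escaping.
	// Whether they are stored pre-escaped is not visible here - confirm, and escape on
	// output if they are stored raw.
	$fmsg = str_replace("\r\n", "<br />" ,$f['fmsg']);
	?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<SCRIPT LANGUAGE="JavaScript" src="<?=$siteUrl?>/js/jquery.js"></SCRIPT>
<SCRIPT LANGUAGE="JavaScript" src="<?=$siteUrl?>/js/comm.js"></SCRIPT>
<link href="<?=$siteUrl?>/style.css" rel="stylesheet" type="text/css" />
<title><?=$f['fname']?>-Powered by KnifeCMS</title>
</head>
<body>
	<?php
	$formList = $db->getAll("SELECT * FROM ".$ecs->table('form_type')." WHERE fid='$fid' ORDER BY orderid ASC");
	$option = '<div align="center"><h2>'.$f['fname'].'</h2></div>';
	$option .= '<div><h5>'.$fmsg.'</h5> 注: * 号为必填项</div>';
	$option .= showForm('formhead', '?action=savecontent');
	// $fid was forced to an integer above, so it is safe inside the attribute value.
	$option .= '<input type="hidden" name="fid" value="'.$fid.'" />';
	$option .= '<table width="100%"><tr><td></td></tr>';
	foreach($formList AS $k=>$form) {
		// The row index is passed through unchanged. The original reassignment
		// "$k = (!$k) ? 0 : $k++;" never altered $k, because the post-increment
		// yields the old value.
		$option .= showForm($form['type'], $form['title'], $form['options'], $form['defaultvalue'], $form['msg'] ,$k, $form['ismust'], $fid);
	}

	if($secCode) {
		$option .= "<tr><td width=20%>验证码</td>";
		$option .= "<td width=\"80%\"><input type=\"text\" name=\"seccode\" size=\"8\" value=\"\" onblur=\"checkcode(this.value)\" /><a id=\"seccode\"></a><img src=\"$siteUrl/code.php\" alt=\"看不清楚可以点击更换\" border=\"0\" onclick=\"this.src='$siteUrl/code.php?update=' + Math.random()\" /></td></tr>";
	}
	$option .= '<input type="hidden" name="siteurl" id="siteurl" value="'.$siteUrl.'">';
	$option .= showForm('submit', 'submitcontent');
	$option .= '</table>';
	echo $option;
	?>
<div align="center">Powered by KnifeCMS.PHP 2.0</div> 
</body>
</html>
<?php
}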

?>